Feeds

Cisco probes source code theft

Networking crown jewels aired in public

  • alert
  • submit to reddit

SANS - Survey on application security programs

Cisco has launched an investigation following reports that portions of its core networking operating system source code have been stolen and distributed online.

According to Russian security portal SecurityLab, a hacker boasting he broke into Cisco's internal network and nicked source code for some versions of Cisco's IOS has posted a 2.5MB snippet onto an IRC channel as proof. Around 800MB of code relating to Cisco IOS 12.3 and 12.3t has reportedly been nicked. IOS 12.3 is the latest version of Cisco's software, widely used home office, branch office and enterprise routers. IOS 12.3t is an earlier test version. Access to Cisco's source code might make it easier for hackers to develop exploits.

"Cisco is aware that a potential compromise of its proprietary information occurred and was reported on a public Web site just prior to the weekend," Cisco spokesman Jim Brady told C/Net. "The Cisco information security team is looking into this matter and investigating what happened."

The leak of proprietary source code would be embarrassing for Cisco given its increased focus on security over recent months but far from unprecedented within the industry. Source code for parts of Windows 2000 and Windows NT were leaked to the Internet back in February prompting a minor security flap. ®

Related stories

How to hack a network in nine easy steps
Cisco IOS DoS exploit released in the wild
MS Windows source code escapes onto Internet
Windows leak dangers exaggerated
Half Life 2 leak means no launch for Christmas

High performance access to file storage

More from The Register

next story
Obama allows NSA to exploit 0-days: report
If the spooks say they need it, they get it
Samsung Galaxy S5 fingerprint scanner hacked in just 4 DAYS
Sammy's newbie cooked slower than iPhone, also costs more to build
Putin tells Snowden: Russia conducts no US-style mass surveillance
Gov't is too broke for that, Russian prez says
Snowden-inspired crypto-email service Lavaboom launches
German service pays tribute to Lavabit
Mounties always get their man: Heartbleed 'hacker', 19, CUFFED
Canadian teen accused of raiding tax computers using OpenSSL bug
One year on: diplomatic fail as Chinese APT gangs get back to work
Mandiant says past 12 months shows Beijing won't call off its hackers
Call of Duty 'fragged using OpenSSL's Heartbleed exploit'
So it begins ... or maybe not, says one analyst
prev story

Whitepapers

Top three mobile application threats
Learn about three of the top mobile application security threats facing businesses today and recommendations on how to mitigate the risk.
Combat fraud and increase customer satisfaction
Based on their experience using HP ArcSight Enterprise Security Manager for IT security operations, Finansbank moved to HP ArcSight ESM for fraud management.
The benefits of software based PBX
Why you should break free from your proprietary PBX and how to leverage your existing server hardware.
Five 3D headsets to be won!
We were so impressed by the Durovis Dive headset we’ve asked the company to give some away to Reg readers.
SANS - Survey on application security programs
In this whitepaper learn about the state of application security programs and practices of 488 surveyed respondents, and discover how mature and effective these programs are.